Microsoft Windows Telephony Service Vulnerability Protection (MS05-040)
| Attack ID: | CPAI-2005-119 |
 |
|
| Publish Date: | |
|
|
| Last Update: | |
|
|
| Category: | Remote Code Execution |
|
|
| Vulnerable Systems: | Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 and SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and 2003 SP1 Microsoft Windows Server 2003 for Itanium-based Systems Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 Edition |
|
|
| Source: |
Microsoft Security Bulletin MS05-040 |
|
|
| Description: | The Telephony service provides support for Telephony Application Programming Interface (TAPI). TAPI supports both traditional and IP telephony to provide voice, data, and video communication. A vulnerability in the TAPI service may allow attackers to gain complete control of an affected system. |
|
|
| Severity: | |
| Details: | The Telephony service provides support for Telephony Application Programming Interface (TAPI). TAPI supports various types of hardware including sound and video cards, modems, ISDN lines, ATM networks, and cameras. By using this hardware, you can communicate over direct connections to local computers, telephone lines, LANs, WANs, and the Internet. The vulnerability lies in the process that the Telephony service uses to validate data and permissions before copying the data to an allocated buffer. |
|
|
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R54, R55, R55W, users of VPN-1 NGX R60 and users of InterSpect who have enabled the protection described below will identify the attack by the following log entry: Attack Name: CIFS worm Attack Information: MS05-040 Telephony Service Vulnerability |
|
|
| Solution: | Users of VPN-1 NG with Application Intelligence R54, R55, R55W, users of VPN-1 NGX R60 and users of InterSpect should update their SmartDefense by clicking Online Update (R55 - Update Now) in the SmartDashboard General window. The Update adds a new pattern, MS05-040 Telephony Service Vulnerability, to the list of Common Internet File Sharing (CIFS) worm patterns. Note: Activating this protection will block legitimate connections to the TAPI service. To enable the protection: 1. On the SmartDefense navigation tree, click Application Intelligence > Microsoft Networks > File and Print Sharing. 2. Enable MS05-040 Telephony Service Vulnerability.  3. Install security policy on all modules. |
|
|
| Industry Reference: | CAN-2005-0058 |
|
|
| Additional Information: | Zone Labs Security Advisory This Update also includes the following protections: - Enhancement to the MS SQL Server Protection (CPAI-2005-54) - Enhanced MS PNG Protection (CPAI-2005-99) - MS COM Objects Protection (CPAI-2005-117) - MS Print Spooler Service Protection (CPAI-2005-118) - MS Plug and Play Protection (CPAI-2005-120) |